CVE-2013-1445 in Dlitz PyCrypto
Summary
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
Reservation
01/26/2013
Disclosure
10/26/2013
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 65361 | Dlitz PyCrypto Pseudo-Random Number Generator Crypto.Random.atfork cryptographic issue | 310 | Not defined | Official fix | CVE-2013-1445 |